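/**
 * Given the full path of a file, try to find the user the file
 * corresponds to and assign him/her this file as his/her picture.
 * Make extensive checks to make sure we don't open any security holes
 * and report back any success/error.
 *
 * The file name is validated with PARAM_CLEANFILE before it is used
 * anywhere; its part before the last ".extension" is the lookup value
 * for the $userfield column of the user table. Only non-deleted accounts
 * are matched, so a picture can never be attached to a removed user.
 *
 * NOTE(review): $userfield is passed to get_record() as a column name
 * and is NOT quoted or escaped here (the value is). It must come from a
 * fixed whitelist in the caller, never from raw request input.
 *
 * @param string $file the full path of the file to process
 * @param string $userfield the prefix_user table field to use to
 *                          match picture files to users.
 * @param bool $overwrite overwrite existing picture or not.
 *
 * @return integer either PIX_FILE_UPDATED, PIX_FILE_ERROR or
 *                 PIX_FILE_SKIPPED
 */
function process_file($file, $userfield, $overwrite) {
    // Add additional checks on the filenames, as they are user
    // controlled and we don't want to open any security holes.
    $path_parts = pathinfo(cleardoubleslashes($file));
    $basename = $path_parts['basename'];

    if ($basename != clean_param($basename, PARAM_CLEANFILE)) {
        // The original picture file name has invalid characters.
        notify(get_string('uploadpicture_invalidfilename', 'admin',
                          clean_param($basename, PARAM_CLEANHTML)));
        return PIX_FILE_ERROR;
    }

    // The picture file name (without extension) must match the
    // userfield attribute. A file with no extension keeps its whole
    // name: the unconditional "strlen - strlen(ext) - 1" arithmetic
    // raised an undefined-index notice and chopped the last character.
    if (isset($path_parts['extension'])) {
        $extension = $path_parts['extension'];
        $uservalue = substr($basename, 0, strlen($basename) - strlen($extension) - 1);
    } else {
        $uservalue = $basename;
    }

    // userfield names are safe (whitelisted by the caller), so don't quote
    // them; the looked-up value is escaped. Deleted accounts are excluded
    // so a stale idnumber/id cannot receive a picture.
    if (!($user = get_record('user', $userfield, addslashes($uservalue), 'deleted', 0))) {
        $a = new Object();
        $a->userfield = clean_param($userfield, PARAM_CLEANHTML);
        $a->uservalue = clean_param($uservalue, PARAM_CLEANHTML);
        notify(get_string('uploadpicture_usernotfound', 'admin', $a));
        return PIX_FILE_ERROR;
    }

    $haspicture = get_field('user', 'picture', 'id', $user->id);
    if ($haspicture && !$overwrite) {
        // Existing picture kept unless the caller asked to overwrite.
        notify(get_string('uploadpicture_userskipped', 'admin', $user->username));
        return PIX_FILE_SKIPPED;
    }

    if (my_save_profile_image($user->id, $file)) {
        set_field('user', 'picture', 1, 'id', $user->id);
        notify(get_string('uploadpicture_userupdated', 'admin', $user->username));
        return PIX_FILE_UPDATED;
    }

    notify(get_string('uploadpicture_cannotsave', 'admin', $user->username));
    return PIX_FILE_ERROR;
}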
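/**
 * Given the full path of a file, try to find the user the file
 * corresponds to and assign him/her this file as his/her picture.
 * Make extensive checks to make sure we don't open any security holes
 * and report back any success/error.
 *
 * The part of the file name before its last ".extension" is the lookup
 * value for the $userfield column of the user table; only non-deleted
 * accounts are matched. The value is bound as a query parameter, so it
 * is never interpolated into SQL.
 *
 * NOTE(review): $userfield is used as a column name in the query and is
 * not quoted or escaped here. It must come from a fixed whitelist in the
 * caller, never from raw request input.
 *
 * @param string $file the full path of the file to process
 * @param string $userfield the prefix_user table field to use to
 *                          match picture files to users.
 * @param bool $overwrite overwrite existing picture or not.
 *
 * @return integer either PIX_FILE_UPDATED, PIX_FILE_ERROR or
 *                 PIX_FILE_SKIPPED
 */
function process_file($file, $userfield, $overwrite) {
    global $DB, $OUTPUT;

    // The file name is user controlled. In this version it is NOT run
    // through PARAM_CLEANFILE: it is only used as a bound query value
    // below and handed unchanged to my_save_profile_image().
    // NOTE(review): confirm my_save_profile_image() validates the path and
    // the image content itself before relying on that.
    $path_parts = pathinfo(cleardoubleslashes($file));
    $basename = $path_parts['basename'];

    // The picture file name (without extension) must match the
    // userfield attribute. pathinfo()'s 'filename' component is exactly
    // "basename minus the last .extension"; unlike the manual strlen
    // arithmetic it also handles a name with no extension, which used to
    // raise an undefined-index notice and lose its last character.
    $uservalue = $path_parts['filename'];

    // userfield names are safe (whitelisted by the caller), so don't quote
    // them; the value is a bound parameter. Deleted accounts are skipped.
    if (!($user = $DB->get_record('user', array($userfield => $uservalue, 'deleted' => 0)))) {
        $a = new stdClass();
        $a->userfield = clean_param($userfield, PARAM_CLEANHTML);
        $a->uservalue = clean_param($uservalue, PARAM_CLEANHTML);
        echo $OUTPUT->notification(get_string('uploadpicture_usernotfound', 'tool_uploaduser', $a));
        return PIX_FILE_ERROR;
    }

    $haspicture = $DB->get_field('user', 'picture', array('id' => $user->id));
    if ($haspicture && !$overwrite) {
        // Existing picture kept unless the caller asked to overwrite.
        echo $OUTPUT->notification(get_string('uploadpicture_userskipped', 'tool_uploaduser', $user->username));
        return PIX_FILE_SKIPPED;
    }

    // my_save_profile_image() returns the new picture revision (truthy)
    // on success; that revision is what gets stored on the user record.
    if ($newrev = my_save_profile_image($user->id, $file)) {
        $DB->set_field('user', 'picture', $newrev, array('id' => $user->id));
        echo $OUTPUT->notification(get_string('uploadpicture_userupdated', 'tool_uploaduser', $user->username), 'notifysuccess');
        return PIX_FILE_UPDATED;
    }

    echo $OUTPUT->notification(get_string('uploadpicture_cannotsave', 'tool_uploaduser', $user->username));
    return PIX_FILE_ERROR;
}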